Bowie Bailey wrote:
> DAve wrote:
>> I have it working fine here, about 20 lines of /bin/sh and I can
>> turn out any number of rule sets, even a channel per SARE rule.
>> I'm willing to publish the channels if there is interest in them. I
>> still believe packages or sets of popular rules would be good.
>> Alternatively I can create a channel file with each rule commented out
>> and the user can download the file, uncomment the rules they want, and
>> run 'sa-update --channelfile MY_FILE' and be done with it.
>
> I came out against this idea mainly because it seemed complex and
> unwieldy. If it is really this simple, then go for it. I would be
> willing to give it a try.

Yea, it really is that simple. The sa-update process makes it so there
is no editing of config files, no paths to change, etc. sa-update knows
what to do to make SA happy. If your SA install works, simply running
sa-update is all that is required.
(just don't get any strange ideas about the --updatedir option ;^)

>> I still need to get a gpg sig for the channels, it's been a few years
>> since I did anything with gpg so there is a bit of dusting off of
>> braincells to do.
>
> Sorry, can't help you there.

man gpg should do nicely.

>> Any thoughts on popular sets?
>
> That would probably vary quite a bit. A good start might be a set of
> "safe" rules.
> Something like this:
> SARE_EVILNUMBERS0
> SARE_HTML0
> SARE_HEADER0
> SARE_GENLSUBJ0
> SARE_URI0
> SARE_OBFU0
> Maybe along with some other good rules.
> SARE_FRAUD
> SARE_OEM
> SARE_RANDOM
> SARE_SPOOF
> SARE_STOCKS
> SARE_UNSUB
> SARE_WHITELIST_SPF
> SARE_WHITELIST_RCVD
> Of course it all depends on whether the user's machine has enough
> power to deal with a large number of rulesets.

If anyone has some numbers about memory requirements on certain rules it
would help.

> If the SARE guys are interested in this project, maybe they could come
> up with a list of the most commonly downloaded rulesets.

They are oddly silent on the subject so far.......

DAve
--
Three years now I've asked Google why they don't have a
logo change for Memorial Day. Why do they choose to do logos
for other non-international holidays, but nothing for
Veterans?
Maybe they forgot who made that choice possible.